Riskybacon

iOS SNMP Trap Push Notifications

Push notifications are fun. If you know a bit about writing iOS apps and how to configure your app to receive push notifications, here's some code to turn SNMP traps into push notifications using Parse.

FreeRADIUS Python VLAN Module

In February 2015, I needed to assign VLANs to devices connecting to a wireless network. The server infrastructure and data were already in place. I just needed to add some glue. I decided to write a FreeRADIUS Python module to assign the VLANs.

What we had:

  • Xirrus APs using RADIUS for authentication
  • FreeRADIUS providing the RADIUS service
  • A mix of clients, mostly iPhones, Apple laptops, Linux laptops and some Windows laptops
  • OpenLDAP with the FreeRADIUS schema installed, and some local schema changes. No passwords stored in LDAP
  • MIT Kerberos for the password store
  • The arcfour-hmac:normal hash stored in our Kerberos DB for Windows client support
  • Kerberos Challenge Response Authentication Protocol for Windows client support

Versions:
  • CentOS 6.5
  • FreeRADIUS 2.1.12 + kcrap patch
  • OpenLDAP 2.4.23
  • Kerberos 1.6.1

We needed something to:
  • Query the LDAP database:
    • Take username and MAC address as input
    • Look at LDAP groups for VLAN tags
    • Output a VLAN tag
  • Insert a response into the RADIUS response packet with the VLAN tag information
  • Prioritize VLAN assignment. Users can belong to multiple groups. Assign the VLAN from the group with the lowest priority number
  • Check for known MAC addresses. The MAC address of the device must be known to assign anything other than the guest VLAN

I decided to use the FreeRADIUS module system. The documentation raises more questions than it answers. Luckily, the FreeRADIUS source code is nicely organized and readable. The section I needed to hook into is post-auth.
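
The requirements listed above, written as an rlm_python post-auth hook. This is an added example, not the author's module. Assumptions: the dictionaries stand in for the LDAP queries (the real schema is not shown here), the group names, priorities, VLAN numbers and `GUEST_VLAN` are constructed, a MAC counts as known only when it is registered to the authenticating user, and the AP honors the RFC 3580 tunnel attributes.

```python
import re

RLM_MODULE_UPDATED = 8  # same value as radiusd.RLM_MODULE_UPDATED inside FreeRADIUS
GUEST_VLAN = 999        # constructed value

# Constructed stand-ins for the LDAP queries; names and numbers are hypothetical.
GROUPS = {  # group -> (priority, VLAN tag); the lowest priority number wins
    "staff": (10, 20),
    "lab": (20, 30),
    "students": (50, 40),
}
USERS = {  # username -> registered device MACs and group memberships
    "alice": {"macs": ["001122aabbcc"], "groups": ["students", "staff"]},
    "bob": {"macs": ["deadbeef0001"], "groups": []},
}


def normalize_mac(raw):
    """Map AA-BB-.., aa:bb:.. and aabb.ccdd.eeff to 12 lowercase hex digits."""
    digits = re.sub(r"[-:.\s]", "", raw or "").lower()
    return digits if re.match(r"^[0-9a-f]{12}$", digits) else None


def choose_vlan(username, mac):
    """Return the VLAN for a user/device pair, falling back to the guest VLAN."""
    user = USERS.get(username)
    if user is None or mac is None or mac not in user["macs"]:
        return GUEST_VLAN  # unknown user or unregistered device
    ranked = sorted(GROUPS[g] for g in user["groups"] if g in GROUPS)
    return ranked[0][1] if ranked else GUEST_VLAN


def post_auth(p):
    """rlm_python hook: p is a tuple of (attribute, value) request pairs."""
    # Values may arrive wrapped in double quotes, so strip them defensively.
    req = dict((k, v.strip('"')) for k, v in p)
    mac = normalize_mac(req.get("Calling-Station-Id"))
    vlan = choose_vlan(req.get("User-Name"), mac)
    reply = (
        ("Tunnel-Type", "VLAN"),
        ("Tunnel-Medium-Type", "IEEE-802"),
        ("Tunnel-Private-Group-Id", str(vlan)),
    )
    return (RLM_MODULE_UPDATED, reply, ())  # (code, reply pairs, config pairs)
```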